CCC The CASL Consistency Checker
|
|
- Paul Lambert
- 6 years ago
- Views:
Transcription
1 CCC The CASL Consistency Checker Christoph Lüth 1, Markus Roggenbach 2, and Lutz Schröder 1 1 Department of Mathematics and Computer Science, Universität Bremen, Germany 2 Department of Computer Science, University of Wales Swansea, United Kingdom Abstract. We introduce the Casl Consistency Checker (CCC), a tool that supports consistency proofs in the algebraic specification language Casl. CCC is a faithful implementation of a previously described consistency calculus. Its system architecture combines flexibility with correctness ensured by encapsulation in a type system. CCC offers tactics, tactical combinators, forward and backward proof, and a number of specialised static checkers, as well as a connection to the Casl proof tool HOL-Casl to discharge proof obligations. We demonstrate the viability of CCC by an extended example taken from the Casl standard library of basic datatypes. 1 Introduction Consistency of specifications is an important issue: validating a specification by proving intended consequences (sanity or conformance checking) is meaningless without a consistency proof ex falso quodlibet, and implementing a specification is impossible in the presence of inconsistencies. Some formal development paradigms and specification languages handle this problem by excluding inconsistent specifications. In contrast, algebraic specification languages such as Casl [4, 13] allow inconsistent specifications. This allows the developer to concentrate on the desired properties of the system during the requirements engineering phase, then validate their consistency in a separate, later step, before finally proceeding to implement the specification. This paper describes a prototype of the Casl Consistency Checker (CCC), a tool that supports consistency proofs for Casl specifications. It is a faithful implementation of the previously introduced calculus for consistency proofs of Casl specifications [15]. CCC is part of wider effort to provide tool support for Casl, comprising the Casl tool set CATS [12] which includes a parser, static analysis, and an encoding into higher-order logic, which is used to embed Casl into Isabelle/HOL [14], thus providing proof support for Casl specifications (HOL-CASL). The material is structured as follows: in Sect. 2, we review the basic concepts of the consistency calculus [15]. We then describe the system architecture in Sect. 3 and show the CCC at work with an extended example in Sect. 4. J.L. Fiadeiro, P. Mosses, and F. Orejas (Eds.): WADT 2004, LNCS 3423, pp , c Springer-Verlag Berlin Heidelberg 2005
2 2 The Consistency Calculus CCC The Casl Consistency Checker 95 The specification language Casl [4, 13] constitutes a standard in algebraic specification. Its features include total and partial functions, predicates, subsorted overloading, sort generation constraints, and structured and architectural specifications. A method for proving consistency of Casl specifications has been introduced in [15]; we briefly recall the main features of the calculus. The consistency calculus comprises three parts, concerned with specification equivalence, conservativity of extensions, and definitionality of extensions, respectively. The core of the method is the conservativity calculus; consistency of a specification is encoded as conservativity over the empty specification. The implementation extends the calculus of [15] by well-formedness assertions, so that well-formedness also of unparsable specifications (namely, specifications that contain specification variables) can be guaranteed. The Extension Calculus. This calculus handles extension judgements of the form Sp 1 Sp 2 which state that one has a signature inclusion which is a specification morphism Sp 1 Sp 2. Equivalence of specifications Sp 1 Sp 2 is defined as mutual extension. These notions of extension and equivalence are meant to be used only for minor syntactical adjustments; in particular, the extension calculus is not intended as a means to establish so-called views, which serve to describe general specification morphisms in Casl. Typical rules of the calculus state that (Sp 1 then Sp 2 )extendssp 1, that the union of specifications is idempotent, commutative, and associative, and that (Sp 1 then Sp 2 ) is equivalent to (Sp 1 and Sp 2 ), provided the latter is well-formed (this is an example where a well-formedness assertion is needed). The Definitionality Calculus. An extension Sp 1 Sp 2 is called definitional if each model of Sp 1 extends uniquely to a model of Sp 2 ;incasl, thisisexpressed by the semantic annotation %def. In particular, definitionality implies conservativity (see below). A definitionality assertion is written def (Sp 1 )(Sp 2 ). The definitionality calculus plays an auxiliary role, since the main concern of the method is conservativity. It presently covers definition by abbreviation and primitive recursion; further extensions such as well-founded recursion are obvious, but require more elaborate tool support. The Conservativity Calculus. The notion of conservativity denoted by the Casl annotation %cons is that of model extensivity: an extension Sp 1 Sp 2 is conservative if each model M of Sp 1 extends to a model of Sp 2 ;thisiswritten cons(sp 1 )(Sp 2 ). The consistency assertion c(sp) abbreviates cons({})(sp), where {} denotes the empty specification. Since the empty specification has a unique model, c(sp) indeed states that Sp is consistent. The conservativity rules divide into three major groups:
3 96 C. Lüth, M. Roggenbach, and L. Schröder Basic language-independent rules, typical examples being a rule that states that conservative extensions compose and a rule which allows deducing conservativity from definitionality. Logic-independent rules that propagate conservativity along the various Casl structuring constructs. E.g., unions of specifications are treated by the rule (union) Sp i defines the signature Σ i,i=1, 2 Sp Sp 1,Sp Sp 2 Σ 1 Σ 2 is amalgamable Sp defines Σ 1 Σ 2 cons(sp)(sp 1 ) cons(sp 2 )(Sp 1 and Sp 2 ) Approximative algorithms for checking amalgability are already implementedincats.thisisatypicalcasewherestaticsideconditionsare relegated to further tools integrated into CCC. Logic-specific rules that guarantee conservativity for certain syntactic patterns such as data types or positive Horn extensions. A simple example is (free) newsort(dd 1...DD n )(Sp) Sp then types DD 1 ;...; DD n has a closed term for each new sort cons(sp)(sp then free types DD 1 ;...; DD n ) where the DD i are datatype declarations and the assertion newsort(dd 1...DD n )(Sp) states that the sorts declared in DD 1...DD n are not already in Sp another example of a proof obligation that is discharged by a static checker. The strategy for conservativity proofs is roughly as follows: the goal is split into parts using the logic-independent parts of the conservativity calculus, occasionally using the extension calculus for certain sideward steps; at the level of basic specifications, conservativity is then established by the definitionality calculus and the logic-specific rules of the conservativity calculus. This may involve the use of built-in static checkers, and, at eventually pinpointed hot spots, actual theorem proving. 3 System Architecture For a tool such as a consistency checker or theorem prover, correctness is critical: if the tool asserts that a specification is consistent, we need to be sure that this follows from the consistency calculus, not from a bug in the implementation. On the other hand, flexibility is important as well: users should be as unconstrained as possible in the way which they conduct their consistency proofs. CCC s design follows the so-called LCF design [8], where a rich logic (such as higher-order logic) is implemented by a small logical core of basic axioms and inference rules. In this design, the logical core implements an abstract datatype of theorems, with logically correct inference rules as operations. Other theorems can only be derived by applying these operations, i.e. by correct inferences; thus
4 CCC The Casl Consistency Checker 97 the correctness of the whole system is reduced to the correctness of the logical core. The logic encoded within the logical core is called the meta-logic, whereas the logic being modelled by the rules is the object logic. Figure 1 shows the system architecture in three layers: innermost, we have the logical core, surrounded by the extended object logic which supplements the meta-logic with specialised proof procedures. The outermost layer is given by auxiliary proof infrastructure. CCC Proof Infrastructure Derived Rules Tactics & Tacticals Goal Package Rules Library Extended Object Logic is_primrec_opdefn Provers is_theorem HOL CASL is_definitional... wellformed Logical Core CATS Static Analysis Axiomatic Rule Base Meta Logic Unification & Substitution CASL Abstract Syntax Fig. 1. CCC System Architecture 3.1 The Logical Core The logical core of CCC implements the meta-logic, the axioms of the object logic, and the axiomatic rule base. The meta-logic is a weak fragment of conjunctive logic. It formalises rules as we have seen in Sect. 2 above, and ways in which to manipulate them. A rule allows us to deduce a proposition, the conclusion, from a list of propositions, the premises. All deductions live in the context of a particular (global) environment which maps names to specifications; hence, all rules are parameterised by an environment. We write such a rule as Γ P 1,...,P n Q, whereγ is an environment, P 1 to P n are the premises, and Q is the conclusion. Figure 2 shows the rules of the meta-logic (where Pσ is the application of a substitution σ to a proposition P, andmgu is the most general unifier of two propositions). This formulation of the meta-logic allows proofs by both forward and backward reso-
5 98 C. Lüth, M. Roggenbach, and L. Schröder lution. Forward resolution is application of the meta-rule compose i and allows us to derive a new rule from two old ones. Backward resolution allows goal-directed proof (see Sect. 3.3 below). Γ P P assume Γ P 1,...,P n Q R 1,...,R m S 1 i m Γ σ = mgu(q, R i) R 1σ,...,R i 1σ, P 1σ,...,P nσ, R i+1σ,...,r mσ Sσ compose i Γ P 1,...,P n Q i j, 1 i, j n, P i = P j Γ P 1,...,P j 1,P j+1,...,p n Q contract i,j Γ P 1,...,P n Q Γ P 1σ,...,P nσ Qσ specialise Fig. 2. Inference Rules of the CCC meta-logic The object logic implements the judgements of the conservativity calculus. They are modelled by a datatype prop, with CATS used to model the abstract syntax of Casl (in particular, AS.L SPEC is the type of specifications): datatype prop = consistent_spec of AS.L_SPEC conservative of AS.L_SPEC * AS.L_SPEC definitional of AS.L_SPEC * AS.L_SPEC implicational of AS.L_SPEC *AS. L_SPEC ext of AS.L_SPEC * AS.L_SPEC equiv of AS.L_SPEC * AS.L_SPEC provable of pprop The datatype pprop is explained in detail below. The third component of the logical core is the rule base. This is a collection of rulesthecorrectnessofwhichhastobeprovedoutsideofthesystembyappealing to the Casl semantics, as opposed to all other rules, which are derived from these rules using the meta-rules; in other words, the rule base contains all rules of the consistency calculus of [15] except the ones explicitly stated as derived. 3.2 Provable Propositions and Provers The extended object logic adds decision procedures, called provers, to the logical core. Provers apply to specific proof obligations called provable propositions
6 CCC The Casl Consistency Checker 99 represented by the datatype pprop. There are about thirty kinds of provable propositions; an excerpt of the datatype pprop showing three typical cases is this: datatype pprop = well_formed of AS.L_SPEC is_just_signature of AS.L_SPEC is_theorem of AS.L_SPEC * AS.FORMULA list... The first type of proof obligations states that a particular specification is wellformed; this can be discharged by calling CATS static analysis. The second states that a specification is merely a signature, and can be discharged by a straightforward recursive function which descends the syntax tree of the specification and returns false as soon as it finds something which does not belong into a signature (such as axioms or free datatypes). The third says that a list of formulae is provable from the given specification, and requires interactive theorem proving using HOL-CASL. A typical rule that has a provable proposition as a premise is the conservativity rule for subtype definitions, (sub) newsort(s)(sp) implies(sp)(sp then axiom v : t F ) cons(sp)(sp then sort s = {v : t F }). Here, the provable proposition newsort(s)(sp) states that the sort s is not already declared in Sp, a fact that is easily checked statically. By distinguishing propositions (prop) and proof obligations (pprop), we restrict the potential harmful effects of wrongly implemented provers. For example, it is impossible to write a prover which returns consistent SPEC(Sp) for every specification Sp. Note that provers are supplied when the system is built, never at run-time by the user. 3.3 Proof Infrastructure The proof infrastructure contains further modules which facilitate interactive or semi-automatic proof. Derived rules are those of the rules from the calculus [15] which can be derived from the rule base. The tactics package allows us to write advanced proof procedures. A tactic is a function on rules. The rules of the meta-logic give us elementary tactics, which together with combinators such as case distinction or sequential composition can be composed to more sophisticated tactics such as one which handles all definitional extensions. The rule library stores and retrieves previously shown results, and the goal package allows backwards proof, starting from a stated goal and reducing it to the list of empty premises by tactics application. Users interact with the system using the SML command line interface, or more comfortably using an instance of the Proof General interface [1]. The latter combines SML s flexibility and expressional power with script management and a comfortable interactive environment.
7 100 C. Lüth, M. Roggenbach, and L. Schröder CCC consists of about 7500 lines of SML code (excluding CATS and HOL- CASL). It runs under SML of New Jersey, but should be easily portable to other SML implementations. Source code and binary builds can be downloaded from the CCC web site [5]. 4 Extended Example To demonstrate the CCC s capabilities, we will show the consistency of the specifications Nat of natural numbers (see Fig. 3) and Char of the datatype of ASCII characters (see Fig. 4), taken from the Casl standard library of Basic Datatypes [13] 1. The simple structure of these specifications allows a detailed discussion of their respective CCC proof scripts. However, the proofs involve non-trivial consistency arguments. Furthermore, in the case of the specification Char a complete consistency proof is not feasible without tool support due to the length of the specification which involves more than 1000 axioms. spec Nat = free type Bool ::= TT FF then free type Nat ::= 0 suc(pre:? Nat) then op <= : Nat * Nat -> Bool... then op * : Nat * Nat -> Nat; forall m,n : Nat. 0 * m = 0. suc(n) * m = (n * m) + m then op 1: Nat = suc (0);...; op 9: Nat = suc (8); (m:nat;n:nat): Nat = (m * suc(9)) + n end Fig. 3. The specification Nat spec Char = Nat then sort Byte = { n: Nat. (n <= 255) = TT } then free type Char ::= chr(ord: Byte) then op \000 : Char = chr(0 as Byte);... then op NL:Char = LF; then op \n : Char = NL; end 4.1 Consistency Proof of Nat Fig. 4. The specification Char Figure 5 shows the CCC proof script. We start by loading the library containing Nat (load lib "Numbers"), stating our goal, and unfolding the specification 1 For the purposes of this paper, the specification text has been slightly modified to make the consistency proof more readable.
8 CCC The Casl Consistency Checker load_lib "Numbers"; ccc "Nat"; (* start the proof *) 2 ap (compose Struct.name1); (* unfold the spec *) 3 ap (Repeat(OpDefns)); (* deal with Op defns *) 4 ap (Repeat prim_rec_defns); (* deal with prim rec defs *) 5 ap (prove_free_type "0" 1); (* deal with free type Nat, 6 "0" as witness for non-empty carrier set *) 7 ap (prove 2 Prover.p_holcasl_auto); 8 ap (compose Struct.add_empty 1); (* add empty spec as start point *) 9 ap (prove 1 Prover.p_well_formed); 10 ap (prove_free_type "TT" 1); (* deal with free type Bool: 11 "TT" as witness for non-empty carrier set *) 12 ap (prove 2 Prover.p_holcasl_auto); 13 ap (compose Basic.triv_consistency); (* empty spec is consistent *) 14 ap (prove 1 Prover.p_is_just_signature); 15 qeccc "Nat"; (* store the result *) Fig. 5. The CCC proof script for the specification Nat (lines 1 2). The general idea of consistency proofs in CCC is to reduce the overall goal to simpler goals by working backwards through the specification text, reducing it to structures simple enough to show their consistency directly. In our example, the first step is to show that the operation definition (m:nat;n:nat): Nat = (m * suc(9)) + n is definitional. If this is the case, the whole specification Nat is consistent if its specification text without the last line is consistent. This type of argument (the tactic OpDefns, line 3) can be repeated for all the digit definitions from op 1: Nat = suc (0) to op 9: Nat = suc (8). Here, we can use the tactical combinator Repeat, which applies its argument until it fails. Applying the composed tactic reduces our goal to consistency of this smaller specification: free type Bool ::= TT FF then... then op * : Nat * Nat -> Nat; forall m,n : Nat. 0 * m = 0. suc(n) * m = (n * m) + m Here, multiplication on natural numbers is a new operation whose axioms are primitive recursive. This is verified by the tactic prim rec defns (line 4). Again, this type of argument can be repeated, as also + and <= are defined by primitive recursion. Hence, we have reduced the specification to be shown consistent to free type Bool ::= TT FF then free type Nat ::= 0 suc(pre:? Nat)
9 102 C. Lüth, M. Roggenbach, and L. Schröder 1 load_lib "SimpleDatatypes"; ccc "Char"; (* start the proof *) 2 ap (compose Struct.name1); (* unfold the spec *) 3 ap (Repeat(OpDefns)); (* deal with the Op Defns *) ap (prove 3 Prover.p_new_sorts_closed_terms_dd); 6 (* deal with free type *) 7 ap (specialize_with (("t", 0), "chr(0 as Byte)") 3); 8 ap (prove 3 Prover.p_closed_term_for_sort); 9 holcasl 3;...; caslqed(); ap (compose SpecialExt.sub 2); (*deal with subsort definition*) 12 ap (prove 2 Prover.p_new_sort); 13 ap (compose Imp.theorem_prover_basic 2 ); 14 holcasl 2; by (rtac exi 1); (* proof in HOL-CASL *) 15 by (rtac leq_def1_nat 1); caslqed (); ap (compose Struct.named); (* use the result c(nat) *) 18 ap (compose (get "Nat")); 19 qeccc "c_char"; (* store the proof *) Fig. 6. The CCC proof script for the specification Char Next, we deal with the definition of the natural numbers as a free type. The tactic prove free type (line 5) takes 0 as a witness that there exists a defined term of type Nat. In the next step, the definedness of 0 is verified by simple theorem proving in HOL-CASL. These arguments reduce the specification text relevant for consistency to free type Bool ::= TT FF Now we add the empty specification (lines 8 9), as justified by our equivalence rules: {} then free type Bool ::= TT FF This allows us to apply again the tactic prove free type (line 10), this time with TT as a witness. After discharging the proof obligation that TT is defined (line 12), it remains to prove that the empty specification is consistent (line 13). This is verified by the prover Prover.p is just signature, which checks that the empty specification does not contain any axioms. Finally, we store our consistency result under the name Nat for later re-use (line 15). 4.2 Consistency Proof of Char For this example, see the proof script in Figure 6, we need to load the library SimpleDatatypes (line 1), which imports the specification Nat the consistency of which we have shown in the previous section. After stating our proof goal (line
10 CCC The Casl Consistency Checker 103 1) and unfolding the specification (line 2), the first actual proof steps consist of showing that all the operation definitions op \ n : Char = NL till \000 : Char = chr(0 as Byte) are definitional (remember that we are working backwards). Forthispurpose we repeatagainthe tacticopdefns (line 3). This reduces our goal to show the consistency of this smaller specification: Nat then sort Byte = { n: Nat. (n <= 255) = TT } then free type Char ::= chr(ord: Byte) To deal with free type Char..., we have to show that the sort Char is new and non-empty. The prover Prover.p new sorts closed terms dd checks the first condition (line 5) and generates a proof obligation, where the user has to provide a closed term as a witness that the carrier of the sort Char is nonempty; here, we choose "chr(0 as Byte)" (line 6) and can then discharge the proof obligation (line 7) 2. This leaves us with the proof obligation that chr(0 as Byte) is actually defined, which we discharge with a small HOL-CASL proof (line 8; the details of the proof are elided here). Similarly, to deal with the subsort definition Byte, we need to check that sort Byte is new (Prover.p new sort, line 11) and its carrier is non-empty. To this end, we need to show that there exists an element in the sort Nat which is less or equal to 255 (rule Imp.theorem prover basic, line 12), which requires more theorem proving in HOL-CASL (lines 13 14). We finish the proof by recalling the consistency of Nat using the above established result (line 16 17). This is possible, because the specification Nat has been imported and hence is part of the global environment in which we prove the consistency of Char. Finally, the established theorem "c Char" is stored with the command qeccc (line 18). 5 Conclusions and Future Work CCC is a tool to support consistency proofs for specifications written in the standard algebraic specification language Casl. The calculus implemented by CCC supports a proof method where large specifications are split into parts along their explicit specification structure; trivial consistency issues are discharged along the way, leading to the real hot spots of the specification that possibly require actual theorem proving. As presented here, the tool should be seen as a prototype and research vehicle, which we can use to study how to conduct consistency proofs for large, realistic Casl specifications using our calculus; it is certainly not a ready-to-use industrial strength tool yet. The design of CCC focuses on two main issues: firstly, by basing the design on a small and encapsulated logical core, correctness of the tool reduces to the correctness of this core, i.e. essentially correctness of the calculus in [15]. 2 These are the steps which we combined to the tactic prove free type used in the previous section in the consistency proof of Nat.
11 104 C. Lüth, M. Roggenbach, and L. Schröder Secondly, tactics, tactical combinators, forward and backward proof give users the flexibility to conduct consistency proofs in a comfortable and extensible way, and to design powerful proof strategies. This allows us to gradually develop effective and efficient proof tactics for realistic specifications. The use of CCC has been illustrated by means of an extended example. Further experiments include specifications from the libraries Numbers, RelationsAndOrders, Algebra I from the Casl standard library of Basic Datatypes [13] as well as consistency checks of datatypes evolving in an industrial case study of specifying an electronic payment system [7]. While logically simple, these examples provide enough material both in terms of structure and size to show not only that the tool is able to deal with substantial specifications, but that its use indeed represents added value. Related work: We can distinguish between approaches which avoid inconsistency by construction, and approaches which show consistency by showing satisfiability. The first approach comprises model-based specification formalisms such as Z [16] and VDM [10], where a model of the system is constructed rather than an axiomatic description; systems based on conservative extension such Isabelle [14], where specifications are built by conservatively extending consistent ones; and systems based on constructive type theory such as Coq [3] or Alfa/Agda [9, 6]. Following the second approach, there is a huge body of work on the satisfiability (and hence consistency) of first-order formulae, which is complimentary to our work; in our terminology, such automatic tools are provers which can be used to prove the consistency of a set of axioms, and we aim to integrate these tools into our system in the future. However, the contribution of our work is to provide a framework in which to conduct consistency proofs for large, structured specifications. Future work: We will focus on designing more powerful tactics by testing the tool with more examples selected from a wide range of case studies including specifications found in [4, 13, 2, 7]. These examples will be more involved at the level of basic specifications (i.e. in terms of logic rather than in terms of structuring). On the other hand, more decision procedures will be provided in order to increase the degree of automation. Obvious candidates include decision procedures already implemented in the Casl tool set (for example concerning the search for witnesses of non-emptiness of types), as well as existing automatic consistency checkers or SAT solvers such as Chaff [11]. Acknowledgements The authors would like to thank Janosch Neuweiler and Tobias Thiel for their help in implementing CCC, Erwin R. Catesbeiana for asking the right questions, Till Mossakowski for consultations on HOL-CASL and CATS, and David Aspinall for helping to set up the Proof General interface.
12 CCC The Casl Consistency Checker 105 References 1. D. Aspinall, Proof General: A generic tool for proof development, Tools and Algorithms for the Construction and Analysis of Systems (TACAS), LNCS, vol. 1785, Springer, 2000, pp H. Baumeister and D. Bert, Algebraic specification in Casl, Software Specification Methods: An Overview Using a Case Study (M. Frappier and H. Habrias, eds.), Springer, Y. Bertot and P. Castéran, Interactive Theorem Proving and Program Development. Coq Art: The Calculus of Inductive Constructions, Springer, M. Bidoit and P. D. Mosses, Casl User Manual, LNCS, vol. 2900, Springer, The CCC homepage, 6. C. Coquand, Agda homepage, 7. A. Gimblett, M. Roggenbach, and H. Schlingloff, Towards a formal specification of an electronic payment system in Csp-Casl, Recent Trends in Algebraic Development Techniques (WADT 204) (José Luiz Fiadeiro, Peter Mosses, and Fernando Orejas, eds.), LNCS, Springer, To appear. 8. M. Gordon, R. Milner, and C. Wadsworth, Edinburgh LCF: a Mechanised Logic of Computation, LNCS, vol. 78, Springer, T. Hallgren, Alfa homepage, C. B. Jones, Systematic Software Development using VDM, Prentice Hall, M. Moskewicz, C. Madigan, Y. Zhao, L. Zhang, and S. Malik, Chaff: Engineering an efficient SAT solver, Design Automation, ACM, 2001, pp T. Mossakowski, Casl - from semantics to tools, Tools and Algorithms for the Construction and Analysis of Systems (TACAS), LNCS, vol. 1785, Springer, 2000, pp P. D. Mosses (ed.), Casl Reference Manual, LNCS, vol. 2960, Springer, T. Nipkow, L. C. Paulson, and M. Wenzel, Isabelle/HOL A Proof Assistant for Higher-Order Logic, LNCS, vol. 2283, Springer, M. Roggenbach and L. Schröder, Towards trustworthy specifications I: Consistency checks, Recent Trends in Algebraic Development Techniques (WADT 201), LNCS, vol. 2267, Springer, 2002, pp M. Spivey, The Z Notation: A Reference Manual, Prentice Hall, 1992, 2nd edition.
Checking Conservativity With HETS
Checking Conservativity With HETS Mihai Codescu 1, Till Mossakowski 2,3, and Christian Maeder 2 1 University of Erlangen-Nürnberg, Germany 2 DFKI GmbH Bremen, Germany 3 SFB/TR 8 Spatial Cognition, University
More information3.4 Deduction and Evaluation: Tools Conditional-Equational Logic
3.4 Deduction and Evaluation: Tools 3.4.1 Conditional-Equational Logic The general definition of a formal specification from above was based on the existence of a precisely defined semantics for the syntax
More informationTowards Trustworthy Specifications I: Consistency Checks
Towards Trustworthy Specifications I: Consistency Checks Markus Roggenbach and Lutz Schröder BISS, Department of Computer Science, Bremen University Abstract. As the first of two methodological devices
More informationFrom Types to Sets in Isabelle/HOL
From Types to Sets in Isabelle/HOL Extented Abstract Ondřej Kunčar 1 and Andrei Popescu 1,2 1 Fakultät für Informatik, Technische Universität München, Germany 2 Institute of Mathematics Simion Stoilow
More informationProvably Correct Software
Provably Correct Software Max Schäfer Institute of Information Science/Academia Sinica September 17, 2007 1 / 48 The Need for Provably Correct Software BUT bugs are annoying, embarrassing, and cost gazillions
More informationTheorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214
Theorem proving PVS theorem prover Abhik Roychoudhury National University of Singapore Both specification and implementation can be formalized in a suitable logic. Proof rules for proving statements in
More informationTypes Summer School Gothenburg Sweden August Dogma oftype Theory. Everything has a type
Types Summer School Gothenburg Sweden August 2005 Formalising Mathematics in Type Theory Herman Geuvers Radboud University Nijmegen, NL Dogma oftype Theory Everything has a type M:A Types are a bit like
More informationIsabelle/HOL:Selected Features and Recent Improvements
/: Selected Features and Recent Improvements webertj@in.tum.de Security of Systems Group, Radboud University Nijmegen February 20, 2007 /:Selected Features and Recent Improvements 1 2 Logic User Interface
More informationGuarded Operations, Refinement and Simulation
Guarded Operations, Refinement and Simulation Steve Reeves and David Streader Department of Computer Science University of Waikato Hamilton, New Zealand stever,dstr@cs.waikato.ac.nz Abstract Simulation
More informationDistributed Systems Programming (F21DS1) Formal Verification
Distributed Systems Programming (F21DS1) Formal Verification Andrew Ireland Department of Computer Science School of Mathematical and Computer Sciences Heriot-Watt University Edinburgh Overview Focus on
More informationProving the Correctness of Distributed Algorithms using TLA
Proving the Correctness of Distributed Algorithms using TLA Khushboo Kanjani, khush@cs.tamu.edu, Texas A & M University 11 May 2007 Abstract This work is a summary of the Temporal Logic of Actions(TLA)
More informationPrograms and Proofs in Isabelle/HOL
Programs and Proofs in Isabelle/HOL Makarius Wenzel http://sketis.net March 2016 = Isabelle λ β α Introduction What is Isabelle? Hanabusa Itcho : Blind monks examining an elephant Introduction 2 History:
More informationBasic Foundations of Isabelle/HOL
Basic Foundations of Isabelle/HOL Peter Wullinger May 16th 2007 1 / 29 1 Introduction into Isabelle s HOL Why Type Theory Basic Type Syntax 2 More HOL Typed λ Calculus HOL Rules 3 Example proof 2 / 29
More informationInduction and Semantics in Dafny
15-414 Lecture 11 1 Instructor: Matt Fredrikson Induction and Semantics in Dafny TA: Ryan Wagner Encoding the syntax of Imp Recall the abstract syntax of Imp: a AExp ::= n Z x Var a 1 + a 2 b BExp ::=
More informationAn LCF-Style Interface between HOL and First-Order Logic
An LCF-Style Interface between HOL and First-Order Logic Joe Hurd Computer Laboratory University of Cambridge, joe.hurd@cl.cam.ac.uk 1 Introduction Performing interactive proof in the HOL theorem prover
More informationHOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1
LAST TIME ON HOL Proof rules for propositional and predicate logic Safe and unsafe rules NICTA Advanced Course Forward Proof Slide 1 Theorem Proving Principles, Techniques, Applications Slide 3 The Epsilon
More informationCLF: A logical framework for concurrent systems
CLF: A logical framework for concurrent systems Thesis Proposal Kevin Watkins Carnegie Mellon University Committee: Frank Pfenning, CMU (Chair) Stephen Brookes, CMU Robert Harper, CMU Gordon Plotkin, University
More informationProofs and Proof Certification in the TLA + Proof System
Proofs and Proof Certification in the TLA + Proof System Stephan Merz Inria Nancy Grand-Est & LORIA, Villers-lès-Nancy, France Abstract TLA + is a specification language originally designed for specifying
More informationIntegration of SMT Solvers with ITPs There and Back Again
Integration of SMT Solvers with ITPs There and Back Again Sascha Böhme and University of Sheffield 7 May 2010 1 2 Features: SMT-LIB vs. Yices Translation Techniques Caveats 3 4 Motivation Motivation System
More informationSOFTWARE ENGINEERING DESIGN I
2 SOFTWARE ENGINEERING DESIGN I 3. Schemas and Theories The aim of this course is to learn how to write formal specifications of computer systems, using classical logic. The key descriptional technique
More informationProgramming Languages Third Edition
Programming Languages Third Edition Chapter 12 Formal Semantics Objectives Become familiar with a sample small language for the purpose of semantic specification Understand operational semantics Understand
More informationFormally Certified Satisfiability Solving
SAT/SMT Proof Checking Verifying SAT Solver Code Future Work Computer Science, The University of Iowa, USA April 23, 2012 Seoul National University SAT/SMT Proof Checking Verifying SAT Solver Code Future
More informationFormal Predicate Calculus. Michael Meyling
Formal Predicate Calculus Michael Meyling May 24, 2013 2 The source for this document can be found here: http://www.qedeq.org/0_04_07/doc/math/qedeq_formal_logic_v1.xml Copyright by the authors. All rights
More informationTowards Coq Formalisation of {log} Set Constraints Resolution
Towards Coq Formalisation of {log} Set Constraints Resolution Catherine Dubois 1, Sulyvan Weppe 2, 1. ENSIIE, lab. Samovar, CNRS, Évry, France 2. ENSIIE, Évry, France Abstract. The language {log} is a
More informationIntroduction to dependent types in Coq
October 24, 2008 basic use of the Coq system In Coq, you can play with simple values and functions. The basic command is called Check, to verify if an expression is well-formed and learn what is its type.
More informationCSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter p. 1/27
CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter 2.1-2.7 p. 1/27 CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer
More informationLecture 5 - Axiomatic semantics
Program Verification March 2014 Lecture 5 - Axiomatic semantics Lecturer: Noam Rinetzky Scribes by: Nir Hemed 1.1 Axiomatic semantics The development of the theory is contributed to Robert Floyd, C.A.R
More informationarxiv: v1 [cs.lo] 23 Apr 2012
The Distributed Ontology Language (DOL): Ontology Integration and Interoperability Applied to Mathematical Formalization Christoph Lange 1,2, Oliver Kutz 1, Till Mossakowski 1,3, and Michael Grüninger
More informationthe Common Algebraic Specification Language
Introduction to CASL, the Common Algebraic Specification Language Franz Lichtenberger Research Institute for Symbolic Computation (RISC) Johannes Kepler University, Linz, Austria Franz.Lichtenberger@risc.uni
More informationFormal Methods in Software Design. Markus Roggenbach
Formal Methods in Software Design Markus Roggenbach October 2001 2 Formal Methods Use of mathematics in software development main activities: writing formal specifications 2 Formal Methods Use of mathematics
More informationType Classes and Overloading in Higher-Order Logic
Type Classes and Overloading in Higher-Order Logic Markus Wenzel Technische Universität München Institut für Informatik, Arcisstraße 21, 80290 München, Germany http://www4.informatik.tu-muenchen.de/~wenzelm/
More informationAlgebraic Properties of CSP Model Operators? Y.C. Law and J.H.M. Lee. The Chinese University of Hong Kong.
Algebraic Properties of CSP Model Operators? Y.C. Law and J.H.M. Lee Department of Computer Science and Engineering The Chinese University of Hong Kong Shatin, N.T., Hong Kong SAR, China fyclaw,jleeg@cse.cuhk.edu.hk
More informationFormally-Proven Kosaraju s algorithm
Formally-Proven Kosaraju s algorithm Laurent Théry Laurent.Thery@sophia.inria.fr Abstract This notes explains how the Kosaraju s algorithm that computes the strong-connected components of a directed graph
More informationHigher-Order Logic. Specification and Verification with Higher-Order Logic
Higher-Order Logic Specification and Verification with Higher-Order Logic Arnd Poetzsch-Heffter (Slides by Jens Brandt) Software Technology Group Fachbereich Informatik Technische Universität Kaiserslautern
More informationAutomated Reasoning. Natural Deduction in First-Order Logic
Automated Reasoning Natural Deduction in First-Order Logic Jacques Fleuriot Automated Reasoning Lecture 4, page 1 Problem Consider the following problem: Every person has a heart. George Bush is a person.
More informationInductive Definitions, continued
1 / 27 Inductive Definitions, continued Assia Mahboubi Jan 7th, 2016 2 / 27 Last lecture Introduction to Coq s inductive types: Introduction, elimination and computation rules; Twofold implementation :
More informationCSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Sections p.
CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Sections 10.1-10.3 p. 1/106 CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer
More informationOverview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL
Overview A Compact Introduction to Isabelle/HOL Tobias Nipkow TU München 1. Introduction 2. Datatypes 3. Logic 4. Sets p.1 p.2 System Architecture Overview of Isabelle/HOL ProofGeneral Isabelle/HOL Isabelle
More information10 Years of Partiality and General Recursion in Type Theory
10 Years of Partiality and General Recursion in Type Theory Ana Bove Chalmers University of Technology DTP 10 July 9th 2010 Claims and Disclaims I know that I know nothing Socrates Ana Bove DTP 10 July
More informationOn Agda JAIST/AIST WS CVS/AIST Yoshiki Kinoshita, Yoriyuki Yamagata. Agenda
On Agda 2009.3.12 JAIST/AIST WS CVS/AIST Yoshiki Kinoshita, Yoriyuki Yamagata Agenda On Agda Agda as a programming language Agda as a proof system Further information. 2 1 Agenda On Agda Agda as a programming
More informationCSCI-GA Scripting Languages
CSCI-GA.3033.003 Scripting Languages 12/02/2013 OCaml 1 Acknowledgement The material on these slides is based on notes provided by Dexter Kozen. 2 About OCaml A functional programming language All computation
More informationSystem Description: Twelf A Meta-Logical Framework for Deductive Systems
System Description: Twelf A Meta-Logical Framework for Deductive Systems Frank Pfenning and Carsten Schürmann Department of Computer Science Carnegie Mellon University fp@cs.cmu.edu carsten@cs.cmu.edu
More informationThe Isabelle/HOL type-class hierarchy
= Isabelle λ β Isar α The Isabelle/HOL type-class hierarchy Florian Haftmann 8 October 2017 Abstract This primer introduces corner stones of the Isabelle/HOL type-class hierarchy and gives some insights
More informationABriefOverviewofAgda A Functional Language with Dependent Types
ABriefOverviewofAgda A Functional Language with Dependent Types Ana Bove, Peter Dybjer, and Ulf Norell e-mail: {bove,peterd,ulfn}@chalmers.se Chalmers University of Technology, Gothenburg, Sweden Abstract.
More informationA Simpl Shortest Path Checker Verification
A Simpl Shortest Path Checker Verification Christine Rizkallah Max-Planck-Institut für Informatik, Saarbrücken, Germany Abstract. Verification of complex algorithms with current verification tools in reasonable
More informationBeluga: A Framework for Programming and Reasoning with Deductive Systems (System Description)
Beluga: A Framework for Programming and Reasoning with Deductive Systems (System Description) Brigitte Pientka and Joshua Dunfield McGill University, Montréal, Canada {bpientka,joshua}@cs.mcgill.ca Abstract.
More informationTopic 3: Propositions as types
Topic 3: Propositions as types May 18, 2014 Propositions as types We have seen that the main mathematical objects in a type theory are types. But remember that in conventional foundations, as based on
More informationLost in translation. Leonardo de Moura Microsoft Research. how easy problems become hard due to bad encodings. Vampire Workshop 2015
Lost in translation how easy problems become hard due to bad encodings Vampire Workshop 2015 Leonardo de Moura Microsoft Research I wanted to give the following talk http://leanprover.github.io/ Automated
More informationAn Annotated Language
Hoare Logic An Annotated Language State and Semantics Expressions are interpreted as functions from states to the corresponding domain of interpretation Operators have the obvious interpretation Free of
More informationAn Introduction to ProofPower
An Introduction to ProofPower Roger Bishop Jones Date: 2006/10/21 16:53:33 Abstract An introductory illustrated description of ProofPower (not progressed far enough to be useful). Contents http://www.rbjones.com/rbjpub/pp/doc/t015.pdf
More informationTo be or not programmable Dimitri Papadimitriou, Bernard Sales Alcatel-Lucent April 2013 COPYRIGHT 2011 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
To be or not programmable Dimitri Papadimitriou, Bernard Sales Alcatel-Lucent April 2013 Introduction SDN research directions as outlined in IRTF RG outlines i) need for more flexibility and programmability
More informationLectures 20, 21: Axiomatic Semantics
Lectures 20, 21: Axiomatic Semantics Polyvios Pratikakis Computer Science Department, University of Crete Type Systems and Static Analysis Based on slides by George Necula Pratikakis (CSD) Axiomatic Semantics
More informationPreuves Interactives et Applications
Preuves Interactives et Applications Christine Paulin & Burkhart Wolff http://www.lri.fr/ paulin/preuvesinteractives Université Paris-Saclay HOL and its Specification Constructs 10/12/16 B. Wolff - M2
More informationPropositional Logic. Part I
Part I Propositional Logic 1 Classical Logic and the Material Conditional 1.1 Introduction 1.1.1 The first purpose of this chapter is to review classical propositional logic, including semantic tableaux.
More informationc constructor P, Q terms used as propositions G, H hypotheses scope identifier for a notation scope M, module identifiers t, u arbitrary terms
Coq quick reference Meta variables Usage Meta variables Usage c constructor P, Q terms used as propositions db identifier for a hint database s string G, H hypotheses scope identifier for a notation scope
More informationCoq quick reference. Category Example Description. Inductive type with instances defined by constructors, including y of type Y. Inductive X : Univ :=
Coq quick reference Category Example Description Meta variables Usage Meta variables Usage c constructor P, Q terms used as propositions db identifier for a hint database s string G, H hypotheses scope
More informationA CRASH COURSE IN SEMANTICS
LAST TIME Recdef More induction NICTA Advanced Course Well founded orders Slide 1 Theorem Proving Principles, Techniques, Applications Slide 3 Well founded recursion Calculations: also/finally {P}... {Q}
More informationNatural deduction environment for Matita
Natural deduction environment for Matita Claudio Sacerdoti Coen and Enrico Tassi Department of Computer Science, University of Bologna Mura Anteo Zamboni, 7 40127 Bologna, ITALY {sacerdot,tassi}@cs.unibo.it
More informationVS 3 : SMT Solvers for Program Verification
VS 3 : SMT Solvers for Program Verification Saurabh Srivastava 1,, Sumit Gulwani 2, and Jeffrey S. Foster 1 1 University of Maryland, College Park, {saurabhs,jfoster}@cs.umd.edu 2 Microsoft Research, Redmond,
More informationModule 3. Requirements Analysis and Specification. Version 2 CSE IIT, Kharagpur
Module 3 Requirements Analysis and Specification Lesson 6 Formal Requirements Specification Specific Instructional Objectives At the end of this lesson the student will be able to: Explain what a formal
More informationRSL Reference Manual
RSL Reference Manual Part No.: Date: April 6, 1990 Original Authors: Klaus Havelund, Anne Haxthausen Copyright c 1990 Computer Resources International A/S This document is issued on a restricted basis
More informationOn Resolution Proofs for Combinational Equivalence Checking
On Resolution Proofs for Combinational Equivalence Checking Satrajit Chatterjee Alan Mishchenko Robert Brayton Department of EECS U. C. Berkeley {satrajit, alanmi, brayton}@eecs.berkeley.edu Andreas Kuehlmann
More informationCS3110 Spring 2016 Lecture 5 Modules for Rational Numbers
CS3110 Spring 2016 Lecture 5 Modules for Rational Numbers Mark Bickford and R. Constable Abstract This lecture begins our discussion of modules in OCaml and module interfaces. These language constructs
More informationPart II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?
Part II. Hoare Logic and Program Verification Part II. Hoare Logic and Program Verification Dilian Gurov Props: Models: Specs: Method: Tool: safety of data manipulation source code logic assertions Hoare
More informationCoq, a formal proof development environment combining logic and programming. Hugo Herbelin
Coq, a formal proof development environment combining logic and programming Hugo Herbelin 1 Coq in a nutshell (http://coq.inria.fr) A logical formalism that embeds an executable typed programming language:
More informationthe application rule M : x:a: B N : A M N : (x:a: B) N and the reduction rule (x: A: B) N! Bfx := Ng. Their algorithm is not fully satisfactory in the
The Semi-Full Closure of Pure Type Systems? Gilles Barthe Institutionen for Datavetenskap, Chalmers Tekniska Hogskola, Goteborg, Sweden Departamento de Informatica, Universidade do Minho, Braga, Portugal
More informationCSC 501 Semantics of Programming Languages
CSC 501 Semantics of Programming Languages Subtitle: An Introduction to Formal Methods. Instructor: Dr. Lutz Hamel Email: hamel@cs.uri.edu Office: Tyler, Rm 251 Books There are no required books in this
More informationJOURNAL OF OBJECT TECHNOLOGY
JOURNAL OF OBJECT TECHNOLOGY Online at www.jot.fm. Published by ETH Zurich, Chair of Software Engineering JOT, 2002 Vol. 1, No. 2, July-August 2002 The Theory of Classification Part 2: The Scratch-Built
More information6.001 Notes: Section 6.1
6.001 Notes: Section 6.1 Slide 6.1.1 When we first starting talking about Scheme expressions, you may recall we said that (almost) every Scheme expression had three components, a syntax (legal ways of
More informationContext aware Calculation and Deduction
Context aware Calculation and Deduction Ring Equalities via Gröbner Bases in Isabelle Amine Chaieb and Makarius Wenzel Technische Universität München Institut für Informatik, Boltzmannstraße 3, 85748 Garching,
More informationCOS 320. Compiling Techniques
Topic 5: Types COS 320 Compiling Techniques Princeton University Spring 2016 Lennart Beringer 1 Types: potential benefits (I) 2 For programmers: help to eliminate common programming mistakes, particularly
More informationModular dependent induction in Coq, Mendler-style. Paolo Torrini
Modular dependent induction in Coq, Mendler-style Paolo Torrini Dept. of Computer Science, KU Leuven ITP 16, Nancy, 22.08.2016 * The Author left the Institution in April 2016 motivation: cost-effective
More informationThe design of a programming language for provably correct programs: success and failure
The design of a programming language for provably correct programs: success and failure Don Sannella Laboratory for Foundations of Computer Science School of Informatics, University of Edinburgh http://homepages.inf.ed.ac.uk/dts
More informationLecture slides & distribution files:
Type Theory Lecture slides & distribution files: http://www.cs.rhul.ac.uk/home/zhaohui/ttlectures.html Zhaohui Luo Department of Computer Science Royal Holloway, University of London April 2011 2 Type
More informationIntroduction to Homotopy Type Theory
Introduction to Homotopy Type Theory Lecture notes for a course at EWSCS 2017 Thorsten Altenkirch March 5, 2017 1 What is this course about? To explain what Homotopy Type Theory is, I will first talk about
More informationCS4215 Programming Language Implementation. Martin Henz
CS4215 Programming Language Implementation Martin Henz Thursday 26 January, 2012 2 Chapter 4 The Language simpl In this chapter, we are exting the language epl in order to provide a more powerful programming
More informationMathematics for Computer Scientists 2 (G52MC2)
Mathematics for Computer Scientists 2 (G52MC2) L07 : Operations on sets School of Computer Science University of Nottingham October 29, 2009 Enumerations We construct finite sets by enumerating a list
More informationHow Efficient Can Fully Verified Functional Programs Be - A Case Study of Graph Traversal Algorithms
How Efficient Can Fully Verified Functional Programs Be - A Case Study of Graph Traversal Algorithms Mirko Stojadinović Faculty of Mathematics, University of Belgrade Abstract. One approach in achieving
More informationAlgebraic Processors
Algebraic Processors Algebraic Processors By Pouya Larjani, B.Sc. A Thesis Submitted to the School of Graduate Studies in partial fulfilment of the requirements for the degree of Master of Science Department
More informationCIS 194: Homework 8. Due Wednesday, 8 April. Propositional Logic. Implication
CIS 194: Homework 8 Due Wednesday, 8 April Propositional Logic In this section, you will prove some theorems in Propositional Logic, using the Haskell compiler to verify your proofs. The Curry-Howard isomorphism
More informationInductive Beluga: Programming Proofs
Inductive Beluga: Programming Proofs Brigitte Pientka and Andrew Cave McGill University, Montreal, QC, Canada, {bpientka,acave1}@cs.mcgill.ca Abstract. beluga is a proof environment which provides a sophisticated
More informationCOMP 4161 Data61 Advanced Course. Advanced Topics in Software Verification. Gerwin Klein, June Andronick, Christine Rizkallah, Miki Tanaka
COMP 4161 Data61 Advanced Course Advanced Topics in Software Verification Gerwin Klein, June Andronick, Christine Rizkallah, Miki Tanaka 1 COMP4161 c Data61, CSIRO: provided under Creative Commons Attribution
More informationGoals: Define the syntax of a simple imperative language Define a semantics using natural deduction 1
Natural Semantics Goals: Define the syntax of a simple imperative language Define a semantics using natural deduction 1 1 Natural deduction is an instance of first-order logic; that is, it is the formal
More informationTowards certification of TLA + proof obligations with SMT solvers
Towards certification of TLA + proof obligations with SMT solvers Stephan Merz and Hernán Vanzetto INRIA Nancy Grand-Est & LORIA Nancy, France Abstract TLA + is a formal specification language that is
More informationTurning inductive into equational specifications
Turning inductive into equational specifications Stefan Berghofer and Lukas Bulwahn and Florian Haftmann Technische Universität München Institut für Informatik, Boltzmannstraße 3, 85748 Garching, Germany
More informationFunctional Programming with Isabelle/HOL
Functional Programming with Isabelle/HOL = Isabelle λ β HOL α Florian Haftmann Technische Universität München January 2009 Overview Viewing Isabelle/HOL as a functional programming language: 1. Isabelle/HOL
More informationλ calculus is inconsistent
Content Rough timeline COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Gerwin Klein, June Andronick, Toby Murray λ Intro & motivation, getting started [1] Foundations & Principles
More informationModule 6. Knowledge Representation and Logic (First Order Logic) Version 2 CSE IIT, Kharagpur
Module 6 Knowledge Representation and Logic (First Order Logic) 6.1 Instructional Objective Students should understand the advantages of first order logic as a knowledge representation language Students
More informationOrganisatorials. About us. Binary Search (java.util.arrays) When Tue 9:00 10:30 Thu 9:00 10:30. COMP 4161 NICTA Advanced Course
Organisatorials COMP 4161 NICTA Advanced Course When Tue 9:00 10:30 Thu 9:00 10:30 Where Tue: Law 163 (F8-163) Thu: Australian School Business 205 (E12-205) Advanced Topics in Software Verification Rafal
More informationCMSC 330: Organization of Programming Languages. Formal Semantics of a Prog. Lang. Specifying Syntax, Semantics
Recall Architecture of Compilers, Interpreters CMSC 330: Organization of Programming Languages Source Scanner Parser Static Analyzer Operational Semantics Intermediate Representation Front End Back End
More information3.7 Denotational Semantics
3.7 Denotational Semantics Denotational semantics, also known as fixed-point semantics, associates to each programming language construct a well-defined and rigorously understood mathematical object. These
More informationEmbedding logics in Dedukti
1 INRIA, 2 Ecole Polytechnique, 3 ENSIIE/Cedric Embedding logics in Dedukti Ali Assaf 12, Guillaume Burel 3 April 12, 2013 Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 1 Outline Introduction
More informationAn Introduction to Programming and Proving in Agda (incomplete draft)
An Introduction to Programming and Proving in Agda (incomplete draft) Peter Dybjer January 29, 2018 1 A first Agda module Your first Agda-file is called BoolModule.agda. Its contents are module BoolModule
More informationFormal semantics of loosely typed languages. Joep Verkoelen Vincent Driessen
Formal semantics of loosely typed languages Joep Verkoelen Vincent Driessen June, 2004 ii Contents 1 Introduction 3 2 Syntax 5 2.1 Formalities.............................. 5 2.2 Example language LooselyWhile.................
More informationCS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011
CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011 1 Introduction Type checking is a lightweight technique for proving simple properties of programs. Unlike theorem-proving techniques based on axiomatic
More informationAxiomatic Specification. Al-Said, Apcar, Jerejian
Axiomatic Specification Al-Said, Apcar, Jerejian 1 Axioms: Wffs that can be written down without any reference to any other Wffs. Wffs that are stipulated as unproved premises for the proof of other wffs
More information1 Introduction. 3 Syntax
CS 6110 S18 Lecture 19 Typed λ-calculus 1 Introduction Type checking is a lightweight technique for proving simple properties of programs. Unlike theorem-proving techniques based on axiomatic semantics,
More informationCOMP 4161 NICTA Advanced Course. Advanced Topics in Software Verification. Toby Murray, June Andronick, Gerwin Klein
COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Toby Murray, June Andronick, Gerwin Klein λ 1 Last time... λ calculus syntax free variables, substitution β reduction α and η conversion
More informationLOGIC AND DISCRETE MATHEMATICS
LOGIC AND DISCRETE MATHEMATICS A Computer Science Perspective WINFRIED KARL GRASSMANN Department of Computer Science University of Saskatchewan JEAN-PAUL TREMBLAY Department of Computer Science University
More informationThis is already grossly inconvenient in present formalisms. Why do we want to make this convenient? GENERAL GOALS
1 THE FORMALIZATION OF MATHEMATICS by Harvey M. Friedman Ohio State University Department of Mathematics friedman@math.ohio-state.edu www.math.ohio-state.edu/~friedman/ May 21, 1997 Can mathematics be
More information